Should you be using a captive portal for your guest Wi-Fi?
The history of the captive portal
Captive portals were 1st introduced for guest Wi-Fi access in the hospitality sector. A Captive portal is something that grabs the focus of your browser and redirects you to a branded landing page when you connect your device to a public Wi-Fi network , you would have to enter in your name, email address and sometimes your mobile phone number and agree to T’s & C’s to register for an account and in most cases you would have to pay for your internet access.
Captive portals were commonplace, they even started using them in restaurants, cafes and even supermarkets.
The user end experience was good in those days when people only accessed the guest Wi-Fi network through a Windows Laptop or a MacBook which used primarily unencrypted HTTP and DNS.
There were few issues intercepting the communication and presenting the captive portal. But today’s reliance on TLS and HTTPS and the growing use of encrypted DNS protocols can result in a less than seamless experience for the users.
Essentially, they are performing a man-in-the-middle attack on the end-user, users can see confusing and alarming certificate warnings and page load errors caused by some captive portals, and they don’t know how to respond to them.
While many organisations in the hospitality sector still use them, many others don’t.
Benefits and downsides of captive portals
- They are completely customisable and a great way to reenforce your brand.
- They are an effective way of conveying information.
- You can use various sign-in methods from text messages, social logins, email accounts, etc. A captive portal can also act as a paywall.
- Portals were an advertising opportunity. Within the page where the terms and conditions were agreed to, the extra space could be used for advertising.
Depending on the Captive Portal provider some can be very unreliable. E.g. different browsers work differently or maybe have weird plugins. Sometimes, user-experience problems never get fixed, or the portal doesn’t work well consistently. In a hotel environment if there isn’t a managed Wi-Fi contract in place with a provider users may find that there’s no one to complain to.
What factors should determine if a captive portal is required?
- Organisational goals: If an organisation’s goal is to ensure that they are able to harvest user data, In that case, perhaps the drawbacks of a captive portal are minor.
- Brand Awareness: Captive portals can reinforce your brand awareness.
- Tracking: If it is essential that you track user data, then forcing people to register for an account is an effective way of tying internet history to specific users.
People’s expectations these days are that high-speed Wi-Fi needs to be free and accessible to everyone, however If you are a large hotel, a chain of restaurants or cafes then implementing a secure Wi-Fi network for your customers can run into several thousands of pounds as well as the support overhead.
A small family run café is a fairly basic setup usually with a single access point The owners want to collect user email addresses so they can email market people about mother’s day or other special occasion offers so they set up a captive portal so users fill in their email address and are complying with the cafés terms and conditions, this can be implemented very cost effectively.
In a different example a large hotel is wanting to offer its guests wireless access. Guests must their email address as a minimum to get online. This type of captive portal is secure and frequently tested. Some users don’t like having to put in their email address. Nevertheless, the organisation decided to add this step because it wants a way to track people in case the worst happens, as it’s had issues in the past.
These examples represent two different scenarios and reasons for implementing a captive portal.
Implementing a captive portal?
If you’re looking to deploy a captive portal, here are a few important considerations:
Select a reputable provider. Choosing a reputable provider that not only provides you will the portal itself but you can also call on for support if you do run into issues.
Test the portal regularly. Just because a captive portal worked when it was implemented it doesn’t mean that it is working correctly now. Ensure it is working the way it’s supposed to work and then test it frequently.
Keep it up to date. There are a lot of browsers and lots of updates that happen all l the time, ensure the portal is up to date to conform with all browsers that people may be using.
Potential issues. Captive portals can cause issues with secure web and DNS traffic, ensure you know how to get round any of these issues.
Fake captive portals. Captive Portals can easily be spoofed; hackers can replicate them with your logos and a similar looking page to make it feel legitimate.
Certain applications might want connectivity before a browser is opened. You need to decide whether to allow that.
Complaint handling. Some users might refuse to enter their details in your portal. Ensure your portal is GDPR compliant.